Method for Multi-Core Processor Based Packet Classification on Multiple Fields

ABSTRACT

The present invention relates to a method for multi-core processor based packet classification on multiple fields. The first step of the method is to construct a classification data structure. This includes selecting a dimension such that, after the search space is partitioned at a partition point on that dimension, the sum of the rules that fall into the two rule sub-sets of the two sub-spaces is as small as possible; the partition point on the selected dimension is chosen such that the numbers of rules that fall into the two sub-spaces after partitioning at the point are as equal as possible. The invention specifically proposes three methods to select partition points and two associated methods to select dimensions. After the classification data structure is constructed, packet information is received and the classification data structure is searched according to the packet information to get the matched results. The present invention can be implemented on many types of multi-core processor based platforms, ensures favorable performance and adaptive capabilities for different network applications, and significantly reduces the product cost of high-end routers and firewalls.

CROSS-REFERENCE TO RELATED APPLICATIONS

The priority of Chinese Patent Application No. 200910077067,4, filed on Jan. 19, 2009, is hereby claimed, and the specification thereof is incorporated herein by reference.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH

Not applicable.

FIELD OF THE INVENTION

The present invention relates to Internet filtering and monitoring technology, and more specifically, to a method for multi-core processor based packet classification on multiple fields.

BACKGROUND OF THE INVENTION

Packet classification is a key part and core technology of firewall and security gateway systems. Packets are filtered by inspecting and handling the packet header in OSI (Open System Interconnection) network protocol layers 2 to 4 in the packet classification. The most common application is the 5-tuple filter, that is, the source/destination network layer address (32-bit each for IPv4), source/destination transport layer port (16-bit each) and transport layer protocol flag (8 bits).

Now, specialized hardware solutions like ASIC/FPGA are used to solve performance bottlenecks in packet classification in the above gigabit firewall and security gateway devices; however, due to the disadvantages of a long time-to-market, large silicon area, high power consumption, and difficult upgrades, high-performance packet classification is not yet widely implemented on non-hardware network devices. To this end, a series of packet classification methods based on a general-purpose processor (CPU) have been extensively researched and developed. American academic institutions such as Stanford University, University of California San Diego, and Washington University, as well as companies such as Cisco and IBM, have made a number of studies and experiments in this regard. They have set forth an array of solutions to the packet classification issue, which can be divided into two main categories based on general-purpose processors: packet classification methods using decision tree structures, such as HiCuts (P. Gupta and N. McKeown, “Packet Classification Using Hierarchical Intelligent Cuttings,” Proc. Hot Interconnects, 1999), and packet classification methods using hierarchical list structures, such as RFC (P. Gupta and N. McKeown, “Packet Classification On Multiple Fields,” Proc. ACM SIGCOMM 99, 1999). These two categories of methods eliminate redundant search space and increase the speed of packet classification through a variety of heuristic algorithms by exploiting different aspects of the structural characteristics of classifier rule sets.

FIG. 1 shows a flow chart of packet classification using the prior decision tree structure. This method includes the following steps: the management unit performs pre-processing, that is, the construction of the classifier data structure (also known as a decision tree) according to the structural characteristics of the classifier rule set, and the output of the constructed classifier data structure to the classifier unit; the classifier unit receives the input packet and obtains the 5-tuple information of the packet, then classifies the packet according to the classification data structure, and locates the node matched by the packet to get the classification results; the forwarding unit handles packets according to the classification results to achieve the storage, forwarding, abandonment, or recording of packets and so on.

However, since the design of the existing methods is developed from the rules' characteristics without consideration of memory hierarchy and processor architecture, the classifier data structure in the prior structure is relatively redundant, and thus cannot work effectively for multi-core processors.

SUMMARY OF THE INVENTION

The objectives of the present invention are to provide a multi-core processor based packet classification on multiple fields, which can be implemented on many types of platforms, ensure favorable performance and adaptive capability to different network applications, and significantly reduce the cost of high-end routers and firewalls.

To achieve the above objectives, the following technical solution is adopted in the present invention.

A method for multi-core processor based packet classification on multiple fields, including the following steps:

- s101, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and the classification results;
- s102, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;
- s103, generate root node V0 corresponding to R0, S0, and a group of processing elements R′, S′ and V′. Then copy R0, S0 and V0 to R′, S′ and V′ respectively;
- s104, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue;
- s105, dequeue a group of processing elements from the queue Q, and denote them as R, S, V respectively;
- s106, decide whether each rule in R includes S, if so, go to step s116, if not, go to step s107;
- s107, select field F as the partition field for S, along which there is the maximum number of different endpoint values;
- s108, sort the different endpoint values of all rules in R along the partition field F in ascending order, and assume M endpoint values in total;
- s109, select the endpoint numbered INT(M/2) along F as the partition point P, where INT(M/2) means the rounding operation;
- s110, partition S into subspace S1 and subspace S2 through partition point P on F;
- s111, label all rules in rule set R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;
- s112, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2;
- s113, set V as an internal node, and assign the following data structure to V:
  - V.field=F, V.point=P, V.offset=starting address of V1;
- s114, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′, and then enqueue the group into queue Q;
- s115, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′, enqueue the group into queue Q, and then return to step s105;
- s116, obtain rule r with the highest priority in R, define V as a leaf node, and assign the following data structure to V:
  - V.field=r.action, V.point=r.pri, V.offset=0;

Where r.action is the classification result of rule r, r.pri is the priority of rule r;

- s117, decide whether queue Q is empty, if so, go to step s118, if not, go to step s105;
- s118, return root node V0, which is the starting node to look up the decision tree data structure;
- s119, receive a network packet, and according to the values of the filtering fields, look up the decision tree from the root node V0 until a leaf node is reached, then classify the packet according to V.field stored in the leaf node.

Preferably, the classification in step s119 includes the following sub-steps:

- s119 a, initialize the current node to be the root node V0;
- s119 b, decide whether V.offset of the current node is 0, if so, go to step s119 f, otherwise go to step s119 c;
- s119 c, obtain the value of the V.field field in the packet header, if the value is smaller than or equal to V.point, go to step s119 d, otherwise, go to step s119 e;
- s119 d, set sub-node V1 as the current node, and go to step s119 b;
- s119 e, set sub-node V2 as the current node, and go to step s119 b;
- s119 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to step s119 g;
- s119 g, perform the classification result, such as forwarding, logging or dropping of the packet.

Preferably, in step s119 d, locate sub-node V1 according to V.offset of the current node as &(V)+V.offset, where &(V) means the memory address of the current node.

In s119 e, locate sub-node V2 according to V.offset of the current node as &(V)+V.offset+sizeof(V), where &(V) means the memory address of the current node, sizeof(V) means the memory size occupied by one node.

The present invention provides another multi-core processor based packet classification on multiple fields, including the following steps:

- s201, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and classification results;
- s202, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;
- s203, generate the root node V0 corresponding to R0, S0, and generate a group of processing elements R′, S′ and V′. Then copy R0, S0 and V0 to R′, S′ and V′ respectively;
- s204, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue;
- s205, dequeue a group of processing elements from the queue Q, and denote them as R, S, V respectively;
- s206, decide whether each rule in R includes S, if so, go to step s216, if not, go to step s207;
- s207, select field F as the partition field for S, along which there is the maximum number of different endpoint values;
- s208, sort the different endpoint values of all rules in R along the partition field F in ascending order, and assume M endpoint values in total;
- s209, select endpoint P from the M endpoints as the partition point, such that after partitioning S through point P on field F, the number of rules that fall into one of the sub-spaces is the closest to half of the number of all rules in R;
- s210, partition S into subspace S1 and subspace S2 through partition point P on F;
- s211, label all rules in rule set R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;
- s212, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2;
- s213, set V as an internal node, and assign the following data structure to V:
  - V.field=F, V.point=P, V.offset=starting address of V1;
- s214, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′, and then enqueue the group into queue Q;
- s215, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′, enqueue the group into queue Q, and then return to step s205;
- s216, obtain rule r with the highest priority in R, define V as a leaf node, and assign the following data structure to V:
  - V.field=r.action, V.point=r.pri, V.offset=0;

Where r.action is the classification result of rule r, r.pri is the priority of rule r;

- s217, decide whether queue Q is empty, if so, go to step s218, if not, go to step s205;
- s218, return root node V0, which is the starting node to look up the decision tree data structure;
- s219, receive a network packet, and according to the values of the filtering fields, look up the decision tree from the root node V0 until a leaf node is reached, then classify the packet according to V.field stored in the leaf node.

Preferably, the classification in step s219 includes the following sub-steps:

- s219 a, initialize the current node to be the root node V0;
- s219 b, decide whether V.offset of the current node is 0, if so, go to step s219 f, otherwise go to step s219 c;
- s219 c, obtain the value of the V.field field in the packet header, if the value is smaller than or equal to V.point, go to step s219 d, otherwise, go to step s219 e;
- s219 d, set sub-node V1 as the current node, and then go to step s219 b;
- s219 e, set sub-node V2 as the current node, and go to step s219 b;
- s219 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to step s219 g;
- s219 g, perform the classification result, such as forwarding, logging or dropping of the packet.

Preferably, in step s219 d, locate sub-node V1 according to V.offset of the current node as &(V)+V.offset, where &(V) means the memory address of the current node.

In s219 e, locate sub-node V2 according to V.offset of the current node as &(V)+V.offset+sizeof(V), where &(V) means the memory address of the current node, sizeof(V) means the memory size occupied by one node.

The present invention also provides another multi-core processor based packet classification on multiple fields, including the following steps:

- s301, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and the classification results;
- s302, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;
- s303, generate the root node V0 corresponding to R0, S0, and a group of processing elements R′, S′ and V′. Then copy R0, S0 and V0 to R′, S′ and V′ respectively;
- s304, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue;
- s305, dequeue a group of processing elements from the queue Q, and denote them as R, S, V respectively;
- s306, decide whether each rule in R includes S, if so, go to step s316, if not, go to step s307;
- s307, every two adjacent endpoint values on each field of R form an interval. Count the number of rules in R that fall into each interval for all the fields, and compute the average number of rules per interval for each field;
- s308, select the field F with the minimum average number of rules per interval as the partition field;
- s309, select endpoint P on field F as the partition point, such that the sum of rules falling into the intervals between the first endpoint and P on F is the minimum number which is larger than half of the sum of the rules falling into each interval;
- s310, partition S into subspace S1 and subspace S2 through partition point P on F;
- s311, label all rules in R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;
- s312, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2;
- s313, set V as an internal node, and assign the following data structure to V:
  - V.field=F, V.point=P, V.offset=starting address of V1;
- s314, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′ respectively, and then enqueue the group into queue Q;
- s315, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′ respectively, enqueue the group into queue Q, and then return to step s305;
- s316, obtain rule r with the highest priority in R, define V as a leaf node, and then assign the following data structure to V:
  - V.field=r.action, V.point=r.pri, V.offset=0;

Where r.action is the classification result of rule r, r.pri is the priority of rule r;

- s317, decide whether queue Q is empty, if so, go to step s318, if not, go to step s305;
- s318, return root node V0, which is the starting node to look up the decision tree data structure;
- s319, receive a network packet, and according to the values of the filtering fields, look up the decision tree from the root node V0 until a leaf node is reached, then classify the packet according to V.field stored in the leaf node.

Preferably, the classification in step s319 includes the following sub-steps:

- s319 a, initialize the current node to be the root node V0;
- s319 b, decide whether V.offset of the current node is 0, if so, go to step s319 f, otherwise go to step s319 c;
- s319 c, obtain the value of the V.field field in the packet header, if the value is smaller than or equal to V.point, go to step s319 d, otherwise, go to step s319 e;
- s319 d, set sub-node V1 as the current node, and then go to step s319 b;
- s319 e, set sub-node V2 as the current node, and go to step s319 b;
- s319 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to step s319 g;
- s319 g, perform the classification result, such as forwarding, logging or dropping of the packet.

Preferably, in s319 d, locate sub-node V1 according to V.offset of the current node as &(V)+V.offset, where &(V) means the memory address of the current node.

In s319 e, locate sub-node V2 according to V.offset of the current node as &(V)+V.offset+sizeof(V), where &(V) means the memory address of the current node, sizeof(V) means the memory size occupied by one node.

The method for multi-core processor based packet classification on multiple fields according to the present invention has the following advantages:

- a) It can be implemented on many types of platforms, including CPU-based general-purpose platforms and NPU-based specialized platforms;
- b) The method to select the partition field and the partition point ensures favorable performance and adaptive capabilities for different network applications; and
- c) It significantly reduces the costs of high-end routers and firewalls, which will accelerate the implementation and deployment of the next generation Internet.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the prior flowchart to classify packets using decision tree structures.

FIG. 2 shows the flowchart of the multi-core processor based packet classification on multiple fields according to the present invention.

FIG. 3 shows the flowchart of the decision tree-based packet classification according to an embodiment of the present invention.

FIG. 4 shows the flowchart of another method for multi-core processor based packet classification on multiple fields according to the present invention.

FIG. 5 shows the flowchart of a third method for multi-core processor based packet classification on multiple fields according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, the method for multi-core processor based packet classification on multiple fields according to the present invention will be described in detail with reference to the accompanying drawings and embodiments.

The method proposed in the present invention applies to packet classification on multiple fields of any dimension. For convenience of description, the most commonly applied 5-tuple (i.e. source/destination network layer address (32-bit each), source/destination transport layer port (16-bit each) and transport layer protocol flag (8 bits)) is defined as 5 filtering fields. The principle followed by the packet classification according to the present invention is that the number of rules in every sub-space is reduced by partitioning the search space recursively until every sub-space has a unique matched rule. Regarding the question of which field to partition and which point on the selected field to partition at, the solution of the proposed method is to select a field such that the total number of rules that fall into the two rule sub-sets of the two sub-spaces is as small as possible after partitioning the selected field at the selected partition point. The partition point on the selected field is selected such that the numbers of rules falling into the two sub-spaces are as equal as possible after partitioning at the point.

The innovations of the present invention in comparison to the prior method are embodied in the method to construct the decision tree data structure used for classification, and in the method to partition the search space during the construction of the decision tree, specifically, the method to select partition points and partition fields. The determination of partition points and partition dimensions is related only to the sub-space and the sub-set of rules that fall into the sub-space, and applies one of the three methods to select partition points and one of the two methods to select dimensions.

Embodiment 1

FIG. 2 shows the flowchart of the multi-core processor based packet classification on multiple fields according to the present embodiment, including the following steps:

s101, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and the classification results;

Every rule is described as follows for 5-tuple classification:

    #include <stdint.h>

    struct RULE {
        uint16_t pri;     // rule priority, 0 is the highest
        uint32_t sIP[2];  // range of source IP address
        uint32_t dIP[2];  // range of destination IP address
        uint16_t sPT[2];  // range of source port address
        uint16_t dPT[2];  // range of destination port address
        uint8_t  prot;    // transport layer protocol, such as TCP, UDP
        uint8_t  action;  // packet classification result,
                          // such as forwarding, logging or dropping
    };

Define the overall rule set as R0, in which rules are represented as r0, r1, ..., and ri indicates the rule which has priority i (pri=i).

s102, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;

For 5-tuple classification, the initial search space is

S0={[0,2³²−1], [0,2³²−1], [0,2¹⁶−1], [0,2¹⁶−1], [0,2⁸−1]};

s103, generate the root node V0 corresponding to R0, S0, and generate a group of processing elements R′, S′ and V′. Then copy R0, S0 and V0 to R′, S′ and V′ respectively;

The purpose of introducing the concept of a ‘node’ is to construct the data structure of the decision tree by defining the node data structure.

s104, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue, that is, the purpose of enqueue is to add a new item to the position at the back of the queue, the purpose of dequeue is to remove the item at the front of a non-empty queue;

s105, dequeue a group of processing elements from the queue Q, that is, dequeue the processing elements at the front, and obtain R′, S′, V′ of the dequeued processing elements; in order to identify them, R′, S′, V′ of the dequeued processing elements are denoted here as R, S, V respectively;

s106, decide whether each rule in R includes S, if so, which means that the node V doesn't need to be partitioned again, go to step s116, if not, which means that the node V needs to be further partitioned, go to step s107;

The definition of ‘include’ in the context of “space which includes rules” mentioned here and in the description of the present invention is specifically explained as follows:

“Include” relation for single dimension range: two intervals such as [a1, a2], [b1, b2], if a1<=b1 and a2>=b2, then [a1, a2] includes [b1, b2];

“Include” relation for multiple fields dimensional range: the intervals on every dimension of the multi-dimensional object A include the corresponding intervals of the multi-dimensional object B; rules and search spaces in the embodiment are all multi-dimensional objects.

s107, select field F as the partition field for S, along which there is the maximum number of different endpoint values.

In this embodiment, at first, M is defined as a set which contains all the endpoint values (values of every starting point and ending point of every interval) of every rule in R on the same field f (for 5-tuple, 0<=f<5), where 1<M′<2(N+1). N is the number of all rules in R. M′ endpoint values on every field are sorted in ascending order and stored in array Pt[i], where 0<i<M′+1, thus the step is to select the dimension corresponding to the field whose array stores the most endpoint values as the partition dimension for partitioning S.

s108, sort the different endpoint values of all rules in R along the partition field F in ascending order, and assume M endpoint values in total;

s109, select the endpoint value numbered INT(M/2) along F as the partition point P, where INT(M/2) means the rounding operation;

s110, partition S into subspace S1 and subspace S2 through partition point P on F;

Spatial partition is defined as partitioning the current search space on a designated dimension. For example, if the initial search space is partitioned through partition point P on the first field, then two search sub-spaces are obtained, i.e.

S1′={[0,P−1], [0,2³²−1], [0,2¹⁶−1], [0,2¹⁶−1], [0,2⁸−1]},
S2′={[P,2³²−1], [0,2³²−1], [0,2¹⁶−1], [0,2¹⁶−1], [0,2⁸−1]}.

s111, label all rules in rule set R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;

The definition of ‘overlap’ in the context ‘rules overlap with space’ mentioned in the embodiment and the description of the present invention is specifically explained as follows:

Overlapping relation for single dimensional range: two intervals such as [a1, a2], [b1, b2], if a1<=b2 and a2>=b1, then [a1, a2] is overlapped with [b1, b2];

Overlapping relation of multiple fields dimensional range: every dimensional range of the multi-dimensional object A is overlapped with the corresponding dimensional range of the multi-dimensional object B; rules and search spaces of the embodiment are multi-dimensional objects, so overlapping between rules and spaces indicates the overlapping relations which meet the multiple fields dimensional range described above.

s112, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2. Since the memory address spaces of V1 and V2 are continuous memory space, V2 could be obtained from the address space of V1;

s113, set V as an internal node, and assign the following data structure to V:

V.field=F, V.point=P, V.offset=starting address of V1; here, address is the memory address value.

Thus, the data structure of node V of the dequeued processing elements is constructed, and V is dichotomized into two new sub-nodes V1 and V2;

s114, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′ respectively, and then enqueue the group into queue Q;

s115, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′ respectively, enqueue the group into queue Q, and then return to step s105;

s116, obtain rule r with the highest priority in R, define V as a leaf node, and assign the following data structure to V:

V.field=r.action, V.point=r.pri, V.offset=0;

Where r.action is the classification result of rule r, r.pri is the priority level of rule r;

Thus, the data structure of V in the dequeued processing element is constructed completely.

s117, decide whether queue Q is empty, if so, go to step s118, if not, go to step s105;

Only when the queue is empty does it indicate that the partition of all search spaces is finished and the construction of the decision tree is completed.

s118, return root node V0, which is the starting node to look up the decision tree data structure;

Decision tree traversal is completed through a root node which is the starting node to look up the decision tree data structures, so that the operation of returning the root node is equal to the operation of returning the classification data structure of the entire decision tree.

s119, receive a network packet, and according to the values of the filtering fields, look up the decision tree from the root node V0, reach a leaf node, then classify the packet according to V.field stored in the leaf node.

Steps s101-s117 mentioned above are the process of construction of classification data structures, i.e. decision trees. The initial search space may be continuously partitioned after the above steps. If the initial search space is considered as root node V0 and partitioned continuously, sub-nodes could be obtained during the aforementioned process and the decision tree could then be constructed. The decision tree of the embodiment is a binary tree, in which every node corresponds to one search space (the root node corresponds to the initial search space), every internal node has two sub-nodes, and the search spaces corresponding to the sub-nodes are the two sub-spaces partitioned at the partition point of the internal node. The data structure of a node is as follows:

Node data structure:

    struct TREENODE {
        uint8_t  field:8;    // internal node: field to be spatially divided
                             // leaf node: classification result of matched rules (action)
        uint32_t offset:24;  // internal node: offset of lower level node address
                             // leaf node: 0
        uint32_t point;      // internal node: partition point
                             // leaf node: rule priority
    };

During the construction, one processing element is dequeued at a time, and values are assigned to V.field, V.point and V.offset of the data structure of node V in that processing element. When queue Q is empty, all nodes in the decision tree have been assigned values of V.field, V.point and V.offset. Based on the above data structure construction of the decision tree, the specific processes to classify received packets in step s119 are described as follows.

For a 5-tuple packet, the following 5-tuple information may be obtained:

32-bit source IP address: sIP;

32-bit destination IP address: dIP;

16-bit source port: sPT;

16-bit destination port: dPT;

8-bit transport layer protocol: prot.

The sub-steps of step s119 in the embodiment include:

s119 a, initialize the current node to be the root node V0;

s119 b, decide whether the V.offset of the current node is 0, if so, this indicates that the current node is a leaf node, go to step s119 f, otherwise, the current node is an internal node, go to step s119 c;

s119 c, obtain the value of the field in the 5-tuple which corresponds to V.field in the current node, if the value is smaller than or equal to V.point, go to step s119 d, otherwise go to step s119 e;

s119 d, set sub-node V1 as the current node, and go to step s119 b, where the memory address of node V1 is &(V)+V.offset, &(V) means the memory address of the current node, V.offset is the offset of the lower node address of the current node;

s119 e, set sub-node V2 as the current node, and return to step s119 b, where the memory address of V2 is &(V)+V.offset+sizeof(V), &(V) means the memory address of the current node, V.offset is the offset of the lower node address of the current node, sizeof(V) means the memory size occupied by one node;

s119 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to step s119 g;

s119 g, perform the classification result, such as forwarding, logging or dropping of the packet.
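The lookup of steps s119 a to s119 f can be written as the following C sketch, which is an added example and not code from the patent. It assumes that V.offset is a byte offset relative to the current node, that the field and action codes are the ones named in the enums, and that the tree (constructed here as sample data) sits in one contiguous array; it also rejects any offset that would leave that array, a check a firewall data path would want before trusting a tree built elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Node layout from the description: 8-bit field, 24-bit offset, 32-bit point. */
struct treenode {
    uint32_t field  : 8;  /* internal: field to compare; leaf: action */
    uint32_t offset : 24; /* internal: byte offset from &V to V1; leaf: 0 */
    uint32_t point;       /* internal: partition point; leaf: rule priority */
};

/* Assumed encodings, not given on the page. */
enum { F_SIP, F_DIP, F_SPT, F_DPT, F_PROT, F_COUNT };
enum { ACT_DROP, ACT_FORWARD, ACT_LOG, LOOKUP_ERR = -1 };
#define OFF(n) ((uint32_t)((n) * sizeof(struct treenode)))

/* Constructed sample tree: split on dPT at 1023, then on prot at 6. */
static const struct treenode TREE[] = {
    { .field = F_DPT,       .offset = OFF(1), .point = 1023 }, /* V0 -> [1],[2] */
    { .field = F_PROT,      .offset = OFF(2), .point = 6 },    /* [1] -> [3],[4] */
    { .field = ACT_FORWARD, .offset = 0,      .point = 3 },    /* leaf, pri 3 */
    { .field = ACT_DROP,    .offset = 0,      .point = 1 },    /* leaf, pri 1 */
    { .field = ACT_LOG,     .offset = 0,      .point = 2 },    /* leaf, pri 2 */
};

/* Steps s119 a to s119 f. Returns the action and stores the rule priority in
   *pri, or returns LOOKUP_ERR if the walk would leave the n_nodes array. */
static int classify(const struct treenode *root, size_t n_nodes,
                    const uint32_t pkt[F_COUNT], uint32_t *pri) {
    size_t cur = 0;                                  /* s119 a: start at V0 */
    if (n_nodes == 0) return LOOKUP_ERR;
    for (;;) {
        const struct treenode *v = &root[cur];
        if (v->offset == 0) {                        /* s119 b: leaf node */
            *pri = v->point;                         /* s119 f */
            return (int)v->field;
        }
        if (v->field >= F_COUNT || v->offset % sizeof *v != 0)
            return LOOKUP_ERR;                       /* malformed internal node */
        size_t next = cur + v->offset / sizeof *v;   /* s119 d: V1 at &(V)+V.offset */
        if (pkt[v->field] > v->point)                /* s119 c */
            next++;                                  /* s119 e: V2 follows V1 */
        if (next >= n_nodes) return LOOKUP_ERR;
        cur = next;     /* offset > 0, so cur only grows and the loop ends */
    }
}

/* Classify a constructed packet against the first n_nodes entries of TREE. */
static int demo(uint32_t dpt, uint32_t prot, size_t n_nodes) {
    const uint32_t pkt[F_COUNT] = { 0x0A000001, 0x0A000002, 40000, dpt, prot };
    uint32_t pri = 0;
    return classify(TREE, n_nodes, pkt, &pri);
}

int main(void) {
    printf("%d %d %d %d\n", demo(22, 6, 5), demo(53, 17, 5),
           demo(8080, 6, 5), demo(22, 6, 3));
    return 0;
}
```

The last call in main passes a tree truncated to three nodes, so the walk stops with LOOKUP_ERR instead of reading past the array.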

Embodiment 2

The steps of the present embodiment are the same as that of embodiment 1, except for the difference in the method for selecting partition point P on partition field F in step s109 for partitioning S.

The method to select partition point P on partition field F in the present embodiment is to select P from M endpoint values as the partition point such that after partitioning S through point P on field F, the number of rules that fall into one of the sub-spaces is closest to half of the number of all rules in R. That is, the endpoint value Pt[m] of the field F in R is selected as the partition point such that the number of rules that fall into a sub-space defined by [Pt[1], Pt[m]] is as close as possible to half of the number of all rules in R, i.e. INT(|R|/2), where |R| means the number of all rules in R and INT means the rounding operation.

The concept that the rule falls into the space mentioned in the embodiment and the description of the present invention is that rules overlap with space, where the definition for overlapping between rules and space is the same as described above:

overlapping relation for single dimensional range: two intervals such as [a1, a2], [b1, b2], if a1<=b2 and a2>=b1, then [a1, a2] is overlapped with [b1, b2];

overlapping relation for multiple fields dimensional range: every dimensional range in the multidimensional object A is overlapped with a corresponding dimensional range in the multidimensional object B, and rules and search spaces of the embodiment are multidimensional objects, so rules that fall into the spaces mean overlapping relations which fulfill the multiple fields dimensional range described above.

Embodiment 3

The steps of the present embodiment are the same as that of embodiment 1 and 2, except for a difference in the method to select partition point P on F in step s107˜s109 for partitioning S.

As described above, collection M′ is formed by different endpoint values (starting point values and end point values of every interval) of all rules in R of processing element on every same field f (for 5-tuple, 0<=f<5), in which 2<=M′<<2(N−1), N is the number of rules in R, then M′ endpoint values of every field are sorted in the ascending order and stored in array Pt[i], in which 0<=i<M′. Each array Pt[i] mentioned above corresponds to each field, and for one array, two adjacent endpoints form an interval, thus M′ endpoints form M′−1 intervals marked as Sr[j], where 0<=j<M′−1. The number of rules in R falling into each interval is marked as Sr[k], 0<=k<M′−1; here, that rules fall into every interval specifically means that rules fall into the sub-space constructed by defining the value on the corresponding field in S into the interval of adjacent endpoint values.

The method of selecting the partition dimension for internal node in the present embodiment is to count the number of rules that fall into every interval on the field of R, and to divide this number by the total number of intervals M′−1 on the field to get the number T of average rules per interval on every field, marked as follows:

$T = \frac{1}{M' - 1} \sum_{j=0}^{M'-2} Sr[j]$

Select a partition dimension F such that T of the field is minimum, that is, select the dimension corresponding to the field with the minimum average number of rules per interval as partition dimension F.

The method of selecting partition point P on the partition dimension F is to select one endpoint value Pt[m] of field F as a partition point such that m is the minimum value which satisfies the following expression:

$\sum_{j=0}^{m} Sr[j] > \frac{1}{2} \sum_{j=0}^{M'-2} Sr[j]$

That is, P is the endpoint with minimum value which satisfies the following constraint condition: the sum of rules falling into the interval between the first endpoint and P on F is larger than half of the sum of the rules falling into each interval.
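The selection rule of embodiment 3 is worked through below in C as an added example, not code from the patent. The two-field rule set is constructed sample data; the rule and split structures, the bound MAXR and the tie-break (first field with the minimum T) are assumptions, while the overlap test and the two formulas follow the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define NF 2    /* fields in this example: 0 = dPT, 1 = prot */
#define MAXR 16 /* assumed upper bound on rules per node */
struct rule { uint32_t lo[NF], hi[NF]; };    /* one closed range per field */
struct split { int field; uint32_t point; }; /* chosen F and P */

/* Constructed rule set R: {dPT, prot} low bounds, then high bounds. */
static const struct rule RULES[] = {
    { { 0, 6 }, { 1023, 6 } }, { { 80, 6 }, { 80, 6 } }, { { 53, 17 }, { 53, 17 } },
    { { 0, 0 }, { 65535, 255 } }, { { 443, 6 }, { 443, 6 } },
};

static int cmp_u32(const void *a, const void *b) {
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Overlap of [a1,a2] and [b1,b2], as defined in the text. */
static int overlaps(uint32_t a1, uint32_t a2, uint32_t b1, uint32_t b2) {
    return a1 <= b2 && a2 >= b1;
}

/* Returns T for field f and stores Pt[m] in *p; -1 if fewer than 2 endpoints. */
static double field_stats(const struct rule *r, int n, int f, uint32_t *p) {
    uint32_t pt[2 * MAXR];
    int sr[2 * MAXR], mp = 0, u = 0, m = 0;
    long total = 0, acc;
    if (n < 1 || n > MAXR) return -1.0;
    for (int i = 0; i < n; i++) { pt[mp++] = r[i].lo[f]; pt[mp++] = r[i].hi[f]; }
    qsort(pt, (size_t)mp, sizeof *pt, cmp_u32);
    for (int i = 0; i < mp; i++)          /* keep the M' distinct endpoints */
        if (u == 0 || pt[i] != pt[u - 1]) pt[u++] = pt[i];
    if (u < 2) return -1.0;
    for (int j = 0; j < u - 1; j++) {     /* Sr[j]: rules falling into interval j */
        sr[j] = 0;
        for (int i = 0; i < n; i++)
            sr[j] += overlaps(r[i].lo[f], r[i].hi[f], pt[j], pt[j + 1]);
        total += sr[j];
    }
    for (acc = sr[0]; 2 * acc <= total; ) acc += sr[++m]; /* smallest m */
    *p = pt[m];
    return (double)total / (u - 1);
}

/* Embodiment 3: field with minimum T (first one on a tie, an assumption). */
static struct split select_split(const struct rule *r, int n) {
    struct split best = { -1, 0 };
    double best_t = 0.0;
    for (int f = 0; f < NF; f++) {
        uint32_t p = 0;
        double t = field_stats(r, n, f, &p);
        if (t >= 0.0 && (best.field < 0 || t < best_t)) { best.field = f; best.point = p; best_t = t; }
    }
    return best;
}

int main(void) {
    struct split s = select_split(RULES, 5);
    printf("F=%d P=%u\n", s.field, (unsigned)s.point);
    return 0;
}
```

For the sample rules, Sr on dPT is 3, 4, 4, 3, 2 over five intervals and Sr on prot is 4, 5, 2 over three, so dPT has the smaller T and is chosen as F.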

Currently specialized chips like ASIC/FPGA are used to solve the performance bottleneck in packet classification in gigabit high-end routers. However, the disadvantages of a long time-to-market, large silicon area, high power consumption, and difficult upgrades result in a low performance/cost ratio for hardware solutions, which further limits the extensive implementation of the aforementioned hardware. In contrast, the present invention can be implemented on many types of platforms, including general-purpose platforms based on microprocessor CPUs and specialized platforms based on network processor NPUs, which ensures favorable performance and adaptive capability for different networks. Therefore, the whole software and hardware system can be provided to manufacturers as a core module of multiple fields packet classification, to increase the performance of packet classification devices based on a general-purpose processing platform and significantly reduce the cost of high-end routers and firewalls, thus accelerating the implementation and operation of the next generation Internet.

While the invention has been shown and described with respect to the embodiments, it should be understood that various changes and modifications may be made without departing from the scope of the invention as defined in the following claims.

1. A method for multi-core processor based packet classification on multiple fields, including the following steps:
Block 101, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and the classification results;
Block 102, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;
Block 103, generate the root node V0 corresponding to R0, S0, and a group of processing elements R′, S′ and V′, then copy R0, S0 and V0 to R′, S′ and V′ respectively;
Block 104, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue;
Block 105, dequeue a group of processing elements from the queue Q, and denote as R, S, V respectively;
Block 106, decide whether each rule in R includes S, if so, perform step s116, if not, perform step s107;
Block 107, select field F as the partition field for S, along which there are maximum number of different endpoint values;
Block 108, sort different endpoint values of all rules in R along the partition field F in the ascending order, assume M endpoint values in total;
Block 109, select the endpoint numbered INT(M/2) along F as the partition point P, where INT(M/2) means the rounding operation;
Block 110, partition S into subspace S1 and subspace S2 through partition point P on F;
Block 111, label all rules in rule set R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;
Block 112, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2;
Block 113, set V as an internal node, and assign the following data structure to V: V.field=F, V.point=P, V.offset=starting address of V1;
Block 114, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′, and then enqueue the group into queue Q;
Block 115, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′, enqueue the group into queue Q, and then return to step s105;
Block 116, obtain rule r with the highest priority in R, define V as a leaf node, and assign the following data structure to V: V.field=r.action, V.point=r.pri, V.offset=0; where r.action is the classification result of rule r, r.pri is the priority of rule r;
Block 117, decide whether queue Q is empty, if so, perform Block 118, if not, go to Block 105;
Block 118, return root node V0, which is the starting node to look up the decision tree data structure;
Block 119, receive a network packet, and according to the values of filtering fields, look up the decision tree from the root node V0 until reach a leaf node, then classify the packet according to V.field stored in the leaf node.

2. A method for multi-core processor based packet classification on multiple fields of claim 1, characterized in that the classification in block 119 further includes the following sub-steps:
Block 119 a, initialize the current node to be the root node V0;
Block 119 b, decide whether V.offset of the current node is 0, if so, go to Block 119 f, otherwise go to Block 119 e;
Block 119 c, obtain the value of the V.field field in the packet header, if the value is smaller than or equal to V.point, go to Block 119 d, otherwise, go to Block 119 e;
Block 119 d, set sub-node V1 as the current node, and go to Block 119 b;
Block 119 e, set sub-node V2 as the current node, and go to Block 119 b;
Block 119 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to Block 119 g;
Block 119 g, perform the classification result, such as forwarding, logging or dropping of the packet.

3. A method for multi-core processor based packet classification on multiple fields of claim 2, characterized in that,
in block 119 d, allocate sub-node V1 according to V.offset of the current node before update, the storage address of V1 is: &(V)+V.offset, where &(V) means the storage address of the current node before updating;
in block 119 e, allocate sub-node V2 according to V.offset of the current node before update, the storage address of V2 is: &(V)+V.offset+sizeof(V), where &(V) means the storage address of the current node before updating, sizeof(V) means the address range occupied by one node.

4. A method for multi-core processor based packet classification on multiple fields, including following steps:
Block 201, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and the classification results;
Block 202, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;
Block 203, generate the root node V0 corresponding to R0, S0, and a group of processing elements R′, S′ and V′, then copy R0, S0 and V0 to R′, S′ and V′ respectively;
Block 204, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue;
Block 205, dequeue a group of processing elements from the queue Q, and denote as R, S, V respectively;
Block 206, decide whether each rule in R includes S, if so, perform Block 216, if not, perform Block 217;
Block 207, select field F as the partition field for S, along which there are a maximum number of different endpoint values;
Block 208, sort different endpoint values of all rules in R along the partition field F in the ascending order, assume M endpoint values in total;
Block 209, select endpoint P from M endpoints as the partition point, such that after partitioning S through point P on field F, the number of rules that fall into one of the sub-spaces is closest to half of the number of all rules in R;
Block 210, partition S into subspace S1 and subspace S2 through partition point P on F;
Block 211, label all rules in rule set R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;
Block 212, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2;
Block 213, set V as an internal node, and assign the following data structure to V: V.field=F, V.point=P, V.offset=starting address of V1;
Block 214, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′, and then enqueue the group into queue Q;
Block 215, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′, enqueue the group into queue Q, and then return to Block 205;
Block 216, obtain rule r with the highest priority in R, define V as a leaf node, and assign the following data structure to V: V.field=r.action, V.point=r.pri, V.offset=0; where r.action is the classification result of rule r, r.pri is the priority of rule r;
Block 217, decide whether queue Q is empty, if so, perform Block 218, if not, go to Block 205;
Block 218, return root node V0, which is the starting node to look up the decision tree data structure;
Block 219, receive a network packet, and according to the values of filtering fields, look up the decision tree from the root node V0 until reach a leaf node, then classify the packet according to V.field stored in the leaf node.

5. A method for multi-core processor based packet classification on multiple fields of claim 4, characterized in that the step of classification in block 219 further includes the following sub-steps:
Block 219 a, initialize the current node to be the root node V0;
Block 219 b, decide whether V.offset of the current node is 0, if so, go to Block 219 f, otherwise go to Block 219 c;
Block 219 c, obtain the value of the V.field field in the packet header, if the value is smaller than or equal to V.point, go to Block 219 d, otherwise, go to Block 219 e;
Block 219 d, set sub-node V1 as the current node, and go to Block 219 b;
Block 219 e, set sub-node V2 as the current node, and go to Block 219 b;
Block 219 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to Block 219 g;
Block 219 g, perform the classification result, such as forwarding, logging or dropping of the packet.

6. A method for multi-core processor based packet classification on multiple fields of claim 5, characterized in that,
in block 219 d, allocate sub-node V1 according to V.offset of the current node before update, the storage address of V1 is: &(V)+V.offset, where &(V) means the storage address of the current node before updating;
in block 219 e, allocate sub-node V2 according to V.offset of the current node before update, the storage address of V2 is: &(V)+V.offset+sizeof(V), where &(V) means the storage address of the current node before update, sizeof(V) means the address range occupied by one node.

7. A method for multi-core processor based packet classification on multiple fields, including the following steps:
Block 301, obtain the overall rule set R0, in which each rule includes priority, the range value of each filtering field, and the classification results;
Block 302, define S0 as the initial search space, which contains all possible values of each filtering field in a packet header, and every field corresponds to a dimension of the initial search space;
Block 303, generate the root node V0 corresponding to R0, S0, and a group of processing elements R′, S′ and V′, then copy R0, S0 and V0 to R′, S′ and V′ respectively;
Block 304, enqueue the group of processing elements R′, S′ and V′ into queue Q, which is a FIFO queue;
Block 305, dequeue a group of processing elements from the queue Q, and denote as R, S, V respectively;
Block 306, decide whether each rule in R includes S, if so, perform Block 316, if not, perform Block 307;
Block 307, every two adjacent endpoint values on each field of R form an interval, count the number of rules in R that fall into each interval for all the fields, and compute the average number of rules per interval for each field;
Block 308, select the field F with minimum average number of rules per interval as the partition field;
Block 309, select endpoint P on field F as the partition point, such that the sum of rules falling into the interval between the first endpoint and P on F is the minimum number which is larger than half of the sum of the rules falling into each interval;
Block 310, partition S into subspace S1 and subspace S2 through partition point P on F;
Block 311, label all rules in rule set R which overlap with subspace S1 as rule set R1, and all rules in R which overlap with subspace S2 as rule set R2;
Block 312, generate two sub-nodes V1 and V2, store them in continuous memory space, and associate V1 with R1, S1, V2 with R2, S2;
Block 313, set V as an internal node, and assign the following data structure to V: V.field=F, V.point=P, V.offset=starting address of V1;
Block 314, generate a group of processing elements R′, S′ and V′, copy R1, S1, and V1 to R′, S′ and V′, and then enqueue the group into queue Q;
Block 315, generate a group of processing elements R′, S′ and V′, copy R2, S2, and V2 to R′, S′ and V′, enqueue the group into queue Q, and then return to Block 305;
Block 316, obtain rule r with the highest priority in R, define V as a leaf node, and assign the following data structure to V: V.field=r.action, V.point=r.pri, V.offset=0; where r.action is the classification result of rule r, r.pri is the priority of rule r;
Block 317, decide whether queue Q is empty, if so, perform Block 318, if not, go to Block 305;
Block 318, return root node V0, which is the starting node to look up the decision tree data structure;
Block 319, receive a network packet, and according to the values of filtering fields, look up the decision tree from the root node V0 until reach a leaf node, then classify the packet according to V.field stored in the leaf node.

8. A method for multi-core processor based packet classification on multiple fields of claim 7, characterized in that the classification in block 319 further includes the following sub-steps:
Block 319 a, initialize the current node to be the root node V0;
Block 319 b, decide whether V.offset of the current node is 0, if so, go to Block 319 f, otherwise go to Block 319 c;
Block 319 c, obtain the value of the V.field field in the packet header, if the value is smaller than or equal to V.point, go to Block 319 d, otherwise, go to Block 319 e;
Block 319 d, set sub-node V1 as the current node, and go to Block 319 b;
Block 319 e, set sub-node V2 as the current node, and go to Block 319 b;
Block 319 f, obtain the classification result according to the value of V.field, obtain the rule priority according to the value of V.point, and then go to Block 319 g;
Block 319 g, perform the classification result, such as forwarding, logging or dropping of the packet.

9. A method for multi-core processor based packet classification on multiple fields of claim 8, characterized in that,
in block 319 d, allocate sub-node V1 according to V.offset of the current node before update, the storage address of V1 is: &(V)+V.offset, where &(V) refers to the storage address of the current node before updating;
in block 319 e, allocate sub-node V2 according to V.offset of the current node before update, the storage address of V2 is: &(V)+V.offset+sizeof(V), where &(V) means the storage address of the current node before updating, sizeof(V) means the address range occupied by one node.